At a time when cybersecurity and hacking have become top national security concerns, Twitter and its reach to hundreds of millions of users is coming under growing scrutiny for the risk of privacy breaches on the site.

A group calling itself the Syrian Electronic Army, which is supportive of that country’s leader, President Bashar al-Assad, during the two-year civil war, claimed responsibility on Tuesday on its own Twitter feed for the AP hack.

The group has in the past taken credit for similar invasions into Twitter accounts of National Public Radio, BBC, CBS’s “60 Minutes” program and Reuters News.

A Twitter spokesman declined to comment on the Tuesday breach, saying the company did not comment “on individual accounts for privacy and security reasons.” An FBI representative had no immediate comment.

“There’s plenty of blame to go around,” said Stewart Baker, a cybersecurity lawyer at Steptoe & Johnson in Washington. “AP should have had better passwords, Twitter should have gone to at least optional two-factor authentication months ago, and guys on the Street really should be thinking twice before they trade on Twitter reports. That’s risky.”

For years, security experts have called on Twitter to introduce a two-factor authentication measure, which requires a two-step process to log in and which they say would greatly reduce such breaches.

In recent months, the San Francisco company has hired security experts and posted job listings for software engineers, who could help the company roll out two-factor authentication.

The AP has said hackers made repeated attacks before Tuesday’s incident to steal the passwords of AP journalists. AP’s Twitter accounts @AP and @AP_Mobile are currently suspended.

‘A NEW LOW’ FOR INVESTOR COMMUNITY

The false “BREAKING” tweet, which went out to the AP’s nearly 2 million Twitter followers, sent the S&P 500 and Dow Jones Industrial Average falling sharply before they recovered. Stock and bond futures also were affected.

“It’s a new low in the capital market sales and trading and investor community,” said Russ Certo, managing director in fixed income at Brean Capital in New York.

A spokesman for U.S. Representative Ed Markey, a Massachusetts Democrat who has warned about the potential for high-frequency trading to disrupt markets, said the trading chaos on Tuesday showed the SEC needed to rein in the practice.

“As today’s events yet again illustrate, the security of our markets is a part of our overall national and economic security, and we need to take steps to protect ordinary Americans from unfair or reckless trading practices,” said Eben Burnham-Snyder, a spokesman for Markey.

After the false tweet, the benchmark S&P 500 dropped 14 points to as low as 1,563.03 before recovering, all in about five seconds. The Dow Jones Industrial Average temporarily dropped 143.5 points, or 0.98 percent.

“You have to wonder (about) this system we’ve built based on technology and speed,” said Joe Saluzzi, co-manager of trading at Themis Trading in Chatham, New Jersey.

“The (SEC’s) mission is to protect the individual investor. And they don’t feel protected today,” he said. “Events like today shatter confidence, and the problem is you don’t get confidence back tomorrow.”

Earlier this year, Bloomberg’s professional trading platform started incorporating tweets after the SEC clarified how companies can disclose material information through social media.

On Tuesday, spokeswoman Sabrina Briefel said the fake tweet appeared on the Bloomberg terminal. She said the company was not reconsidering its decision to include tweets.

The AP is the latest media organization to come under siege from hackers in a spate of incidents over the past several months. The New York Times and the Wall Street Journal said their systems were hacked, prompting the White House and lawmakers to push through legislation designed to help better defend against cyber attacks. DM